Legal

Privacy Policy

A clear view of what we collect, what we store, and what stays on your machine.

Last updated: January 12, 2026

This Privacy Policy explains how Unfault ("we", "us", or "our") collects, uses, and processes personal data when you use our website, services, and developer tools.

This Privacy Policy applies to the unfault.dev website, the Unfault application available at app.unfault.dev, and any related subdomains or services operated by Unfault (collectively, the “Service”).

Unfault is a developer tool designed to analyze code locally by default and to store only derived analysis data when explicitly requested. We aim to be clear and precise about what data we collect, and what we do not.

1. Who we are

Data Controller

Unfault (project operated by Sylvain Hellegouarch)

20 rue d'Isly

35000 Rennes

France

Contact email: sylvain@unfault.dev

Unfault is currently operated as an individual project based in France. This section will be updated if and when a legal entity is created.

2. Privacy in a nutshell

  • Your source code is processed locally on your machine.
  • Unfault does not upload or store raw source files as part of its standard operation.
  • Persisted data contains derived analysis only (graphs, findings, summaries), and only when you choose to store it.
  • We do not sell personal data and do not use customer source code to train machine-learning models.
  • We collect minimal website and account data necessary to operate the service.

3. Scope of this policy

This policy applies to:

  • the unfault.dev website,
  • Unfault's hosted services (accounts, sessions, metadata),
  • the Unfault CLI and editor extensions, where applicable.

Some processing occurs entirely on your device and never reaches our infrastructure. That processing is described explicitly below.

4. Website data (unfault.dev)

When you visit unfault.dev, we collect limited technical data required to operate, secure, and improve the website.

Data collected

  • IP address (which may be truncated or anonymized),
  • browser and device information,
  • pages visited and basic usage metrics.

Purpose

  • website operation and performance,
  • security and abuse prevention,
  • aggregate usage analysis (no individual profiling).

Infrastructure and processors

  • Netlify, Inc.: website hosting and delivery
  • Google Cloud Platform: DNS and content delivery (CDN)
  • Google Fonts: font delivery

We do not use advertising cookies or cross-site marketing trackers.

5. Accounts and service usage

If you create an Unfault account or use hosted features, we process limited account-related data.

Data collected

  • email address,
  • authentication identifiers,
  • organization or workspace identifiers (if applicable),
  • billing metadata (if applicable).

Purpose

  • authentication and access control,
  • service operation and support,
  • billing and compliance, where applicable.

Unfault does not perform behavioral profiling or enrich accounts with third-party data.

Authentication provider

  • Clerk, Inc.

6. Code analysis and CLI usage

Local processing

Unfault parses and analyzes source code locally on your machine by default.

As part of its standard operation:

  • raw source files are not uploaded to Unfault servers,
  • raw source files are not transmitted to Unfault servers,
  • raw source files are not stored by Unfault servers.

All parsing, static analysis, and graph construction start locally.

The Unfault CLI and editor extensions are open source (MIT licensed), allowing users to audit client-side behavior, including local parsing and network interactions.

Derived analysis data

When you explicitly run an Unfault review and choose to persist the results, Unfault may store derived artifacts, such as:

  • structural graphs (imports, symbols, call relationships),
  • analysis findings (e.g. missing timeouts, blocking async calls),
  • metadata (such as language or framework detection),
  • session summaries.

These artifacts:

  • do not include raw source code,
  • are derived from static analysis,
  • are not intended to allow reconstruction of the original source code.

Natural-language queries (unfault ask)

When you use natural-language queries:

  • answers are generated using stored session summaries, findings, and graph data,
  • Unfault does not re-read full source files at query time as part of standard operation,
  • text embeddings are generated from derived analysis text, not from raw source files.

7. What Unfault does not do

As part of its standard operation, Unfault does not:

  • upload full source code,
  • index repositories remotely,
  • run background scans without user action,
  • sell personal or analysis data,
  • use customer source code to train machine-learning models.

8. Cookies and similar technologies

8.1 Strictly necessary cookies

Unfault uses a small number of cookies that are strictly necessary for the Service to function, such as:

  • authentication and session management,
  • security protections,
  • infrastructure routing.

These cookies do not require consent under applicable law.

We also collect privacy-preserving analytics that do not rely on tracking cookies.

8.2 What we do not use

We do not use:

  • advertising cookies,
  • third-party marketing trackers,
  • cross-site profiling cookies.

9. Data retention

  • website and infrastructure logs are retained for a limited period for security and operational purposes,
  • account data is retained while the account remains active,
  • stored analysis sessions are retained until deleted by the user or account owner, unless retention is required by law.

10. Legal basis for processing (GDPR)

Personal data is processed on one or more of the following legal bases:

  • performance of a contract,
  • legitimate interests (service operation and security),
  • legal obligations,
  • user consent, where required.

11. International data transfers

Where personal data is processed outside the European Union, Unfault relies on appropriate safeguards, such as Standard Contractual Clauses or equivalent legal mechanisms.

12. Sub-processors and infrastructure providers

Unfault relies on a limited number of trusted third-party providers to operate the service:

  • Google Cloud Platform: hosting, storage, and content delivery
  • Clerk, Inc.: authentication and account management
  • Netlify, Inc.: website hosting and delivery

These providers process personal data only as necessary to provide their services to Unfault and are subject to appropriate contractual and legal safeguards.

13. Your rights

You have the right to:

  • access your personal data,
  • correct inaccurate data,
  • request deletion of your data,
  • restrict or object to processing,
  • receive a copy of your data,
  • lodge a complaint with a supervisory authority.

Requests can be made by contacting sylvain@unfault.dev. We respond within the legally required timeframe.

14. Data security

Unfault implements appropriate technical and organizational measures to protect personal data against unauthorized access, loss, or misuse.

15. Changes to this policy

This policy may be updated from time to time. Updates will be reflected on this page with a revised "last updated" date.

16. Contact

For privacy-related questions or requests:

sylvain@unfault.dev

Email us